Debian Bug report logs - #682212
CVE-2012-0540 CVE-2012-1734 CVE-2012-1689

Package: mysql-5.1; Maintainer for mysql-5.1 is Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>;

Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Fri, 20 Jul 2012 10:39:02 UTC

Severity: grave

Tags: security

Done: Clint Byrum <clint@ubuntu.com>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>:
Bug#682212; Package mysql-5.1. (Fri, 20 Jul 2012 10:39:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Fri, 20 Jul 2012 10:39:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2012-0540 CVE-2012-1734 CVE-2012-1689
Date: Fri, 20 Jul 2012 12:35:45 +0200
Package: mysql-5.1
Severity: grave
Tags: security

http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html :

CVE-2012-0540 	MySQL Server 	MySQL Protocol 	GIS Extension 		No 	4.0 	Network 	Low 	Single 	None  None  Partial+  5.1.62 and earlier, 5.5.23 and earlier   
CVE-2012-1734 	MySQL Server 	MySQL Protocol 	Server Optimizer 	No 	4.0 	Network 	Low 	Single 	None  None  Partial+  5.1.62 and earlier, 5.5.23 and earlier   
CVE-2012-1689 	MySQL Server 	MySQL Protocol 	Server Optimizer 	No 	4.0 	Network 	Low 	Single 	None  None  Partial+  5.1.62 and earlier, 5.5.22 and earlier

Cheers,
        Moritz



Reply sent to Clint Byrum <clint@ubuntu.com>:
You have taken responsibility. (Wed, 28 Nov 2012 22:42:13 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Wed, 28 Nov 2012 22:42:13 GMT) Full text and rfc822 format available.

Message #10 received at 682212-done@bugs.debian.org (full text, mbox):

From: Clint Byrum <clint@ubuntu.com>
To: 682212-done <682212-done@bugs.debian.org>
Subject: This was closed by the update to 5.1.63
Date: Wed, 28 Nov 2012 14:39:51 -0800
mysql-5.1 (5.1.63-0+squeeze1) stable-security; urgency=high

  * SECURITY UPDATE: Unspecified vulnerabilities identified by Oracle:
    CVE-2012-0583 CVE-2012-1688 CVE-2012-1690 CVE-2012-1703.
    (Closes: 670636)
  * SECURITY UPDATE: New upstream version fixes authentication bypass.
    CVE-2012-2122 (Closes: #677018) 
  * d/rules: Change get-orig-source to a working mirror.
  * Source also properly downloaded/repacked with get-orig-source
    to remove non DFSG compliant Docs files.

 -- Clint Byrum <clint@ubuntu.com>  Tue, 12 Jun 2012 06:12:57 -0700



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 27 Dec 2012 07:26:01 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 23:52:23 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.